Compliance to PCI DSS

Step 3 of 3: Certification

There are two different compliance assessments for PCI DSS. If you only require a self-assessment we can review your questionnaire to ensure it is appropriately completed. We can also work with you to deliver a compliance report*

If you need to gain certification to the standard and undergo a full assessment with a Qualified Security Assessor (QSAs), that’s where our team of experienced team can help.


How to get certified to PCI DSS

PCI DSS certification should be hassle-free. You’ll be appointed a BSI Client Manager, a trusted expert with relevant industry experience to your business, who can guide you through the process.

The steps to PCI DSS certification:

1. PCI DSS gap analysis

An optional service which takes place before your assessment visits. We’ll take a closer look at your existing PCI DSS system and compare it with the requirements of the standard. It’s a really cost effective way to check if there are any areas you need to work on before we carry out a formal assessment.

2. Formal assessment

A two-stage process. First your BSI Client Manager will review your organization’s readiness for assessment by checking if the necessary PCI DSS procedures and controls have been developed in your organization. We will share the details of our findings with you so that if we find gaps, you can close them. Next, if all the requirements are in place, we’ll assess the implementation of the procedures and controls within your organization to make sure that they are working effectively as required for certification of PCI DSS. 

3. Certification and beyond

When you achieve certification you’ll receive your BSI PCI DSS certificate which is valid for three years. Your BSI Client Manager will visit you regularly to make sure your system doesn’t just remain compliant, but it continually improves and adds value to your organization.


Celebrate your success

When you achieve PCI DSS certification with us, you’ll be able to show your commitment to managing payment card information securely. It’s a great opportunity to celebrate your achievement, promote your business and show that you’re a trusted organization which could open up new business opportunities.

Plus at BSI, we can combine your PCI DSS audit with ISO/IEC 27001 assessments so you have a consistent approach to your wider information security programme. With aligned visit cycles, you have less disruption and greater efficiency, all from a business partner you can trust. Show your stakeholders that payment card security and protecting information is at the heart of your business.